Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,779
Erlang
36
GitHub Actions
29
Go
2,338
Maven
5,000+
npm
3,972
NuGet
714
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

947 advisories

Loading
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and... Critical Unreviewed
CVE-2016-4503 was published May 13, 2022
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an... Critical Unreviewed
CVE-2018-6328 was published May 13, 2022
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0,... Critical Unreviewed
CVE-2017-12477 was published May 13, 2022
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has... Critical Unreviewed
CVE-2017-12478 was published May 13, 2022
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions... Critical Unreviewed
CVE-2018-7228 was published May 13, 2022
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's... Critical Unreviewed
CVE-2018-7791 was published May 13, 2022
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before... Critical Unreviewed
CVE-2018-15152 was published May 13, 2022
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to... Critical Unreviewed
CVE-2013-7137 was published May 13, 2022
An exploitable vulnerability exists in the generation of authentication token functionality of... Critical Unreviewed
CVE-2017-2864 was published May 13, 2022
Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing... Critical Unreviewed
CVE-2022-22796 was published May 13, 2022
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't... Critical Unreviewed
CVE-2019-12254 was published May 7, 2022
An improper authentication vulnerability has been reported to affect QNAP device running Video... Critical Unreviewed
CVE-2021-44056 was published May 6, 2022
An improper authentication vulnerability has been reported to affect QNAP device running Photo... Critical Unreviewed
CVE-2021-44057 was published May 6, 2022
Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities Critical Unreviewed
CVE-2013-4621 was published May 5, 2022
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging". Critical Unreviewed
CVE-2013-3088 was published May 5, 2022
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in... Critical Unreviewed
CVE-2013-3072 was published May 5, 2022
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter... Critical Unreviewed
CVE-2022-23723 was published May 4, 2022
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed... Critical Unreviewed
CVE-2021-41992 was published May 3, 2022
Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers... Critical Unreviewed
CVE-2007-6759 was published May 1, 2022
Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to... Critical Unreviewed
CVE-2007-6760 was published May 1, 2022
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a... Critical Unreviewed
CVE-2012-10001 was published Apr 23, 2022
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers... Critical Unreviewed
CVE-2012-2714 was published Apr 23, 2022
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan... Critical Unreviewed
CVE-2021-3897 was published Apr 23, 2022
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan... Critical Unreviewed
CVE-2021-3849 was published Apr 23, 2022
Typo3 Authentication Bypass Critical
CVE-2011-4628 was published for typo3/cms (Composer) Apr 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database